ITU Standard H.235 (published as ITU-T Recommendation H.235 Version 3, “Security and Encryption for H-Series (H.323 and other H.245 based) Multimedia Terminals”) defines security mechanisms for packet-oriented network communication. Integrity and authenticity of the registration and signalling data are ensured by cryptographic checksums computed with a shared secret. If the check of a cryptographic checksum fails, the message, which also contains address information, is rejected.
In what is known as the “baseline profile” in accordance with H.235 Annex D a communication unit and a call control computer, referred to hereafter as a gatekeeper, authenticate themselves by means of a password which has been administered beforehand. In the “hybrid profile” in accordance with H.235 Annex F the communication unit and the gatekeeper use digital signatures and certificates for registration. To protect the integrity of the further messages which follow successful registration a shared secret is negotiated dynamically during registration using the Diffie-Hellman method.
In a communication system featuring a gatekeeper, a gateway and at least one communication unit, the authentication and authorization of the communication unit are normally undertaken by the gatekeeper while the gateway forwards the messages without modification from the communication unit to the gatekeeper.
Problems arise if the communication unit and the gatekeeper are in different communication networks with incompatible IP address ranges. In this case the IP address in the messages is rewritten by Network Address Translation (NAT) in the gateway that connects the two communication networks. Because the IP address has changed, the cryptographic checksum no longer matches the modified message, and the gatekeeper rejects it. To avoid this the gateway would have to replace the checksum, and to do so it would need the shared secret of the communication unit and the gatekeeper.
In the situation described the gateways would have to be given access to a database system with which the gatekeeper is connected for checking the authorization so that, for the conversion of the IP address, a new correct checksum can be calculated by the gateway. In this case both the authentication and also the authorization data are checked by the gateway.
The disadvantage of this method of operation is the need for an interface to the database at the gateway. Where the communication system features a plurality of such gateways, each connecting two different communication networks and each performing a conversion of the IP address, the checking of authorization and authentication would have to be undertaken in every one of these gateways. This means that each of the plurality of gateways would need access to the data of the user database.
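The failure mode described above, as an added illustration that is not the standard's own procedure: a simplified model of an H.235 baseline-profile integrity token in which the message is a small dict serialised canonically instead of the PER-encoded H.225 message, and the secret and addresses are constructed for this example (the field names follow H.225 RRQ naming only approximately). It shows the token failing once NAT rewrites the address, and a repaired token being computable only by a party holding the shared secret, which is the database dependency the preceding paragraphs describe.

```python
import hmac
import hashlib

# Simplified model of an H.235 Annex D integrity token: HMAC-SHA1 truncated
# to 96 bits over the message bytes. The real standard hashes the PER-encoded
# H.225 message; here the message is a dict serialised canonically.
# Secret, addresses and identifiers below are constructed for illustration.

SHARED_SECRET = b"endpoint-password-example"   # held by endpoint and gatekeeper only


def serialise(msg: dict) -> bytes:
    """Canonical byte form of the fields covered by the checksum."""
    return "\n".join(f"{k}={msg[k]}" for k in sorted(msg)).encode()


def compute_token(msg: dict, secret: bytes) -> bytes:
    """HMAC-SHA1-96: full HMAC-SHA1 digest truncated to 12 bytes."""
    return hmac.new(secret, serialise(msg), hashlib.sha1).digest()[:12]


def verify(msg: dict, token: bytes, secret: bytes) -> bool:
    """Constant-time check the gatekeeper performs on arrival."""
    return hmac.compare_digest(compute_token(msg, secret), token)


def nat_rewrite(msg: dict, public_addr: str) -> dict:
    """What a NAT gateway does: replace the private signalling address."""
    rewritten = dict(msg)
    rewritten["callSignalAddress"] = public_addr
    return rewritten


def scenario():
    # Endpoint builds a registration request carrying its private address
    rrq = {"requestSeqNum": 7, "callSignalAddress": "10.0.0.5:1720",
           "endpointIdentifier": "ep-example"}
    token = compute_token(rrq, SHARED_SECRET)

    direct_ok = verify(rrq, token, SHARED_SECRET)           # no NAT: accepted
    natted = nat_rewrite(rrq, "203.0.113.17:1720")
    natted_ok = verify(natted, token, SHARED_SECRET)        # after NAT: rejected

    # The gateway can only repair the token if it holds the shared secret
    repaired_ok = verify(natted, compute_token(natted, SHARED_SECRET), SHARED_SECRET)
    wrong_key_ok = verify(natted, compute_token(natted, b"guess"), SHARED_SECRET)
    return direct_ok, natted_ok, repaired_ok, wrong_key_ok
```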